You can use tokens in correlation rules. A token is similar to a substitution parameter and can be recognized by the preceding ampersand character (&). For each Event field, any tokens are replaced by their actual correlation rule values (if they exist), otherwise they will be replaced by a word wildcard, that is, any value will match.
AEC supports the following types of tokens:
|
Copyright © 2010 CA.
All rights reserved.
|
|